Latest news of the domain name industry

Recent Posts

ICANN asks: just what the hell is Whois for anyway?

Kevin Murphy, November 19, 2012, 20:48:46 (UTC), Domain Policy

It’s back to basics time at ICANN, with the launch today of a massive effort to take a fresh look at Whois.

This could be a biggie.

“We’re going to go back to the fundamentals and ask: what problems are being addressed by Whois, who’s using it and what are they using it for?” ICANN chair Steve Crocker told DI.

The ICANN board of directors earlier this month passed a resolution, published today, that calls for:

a new effort to redefine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, as a foundation for new gTLD policy and contractual negotiations

This is bare-bones, fundamental stuff, likely to encompass pretty much every controversial issue to hit Whois over the years.

Crocker noted that the use of Whois, originally designed to help people locate the operators of large multi-user computing services, has changed over the years.

Is Whois now there to help law enforcement track down crooks? Is it there to help intellectual property owners enforce their rights? Should it help domainers verify who they’re transacting with?

Should published Whois records always be complete and accurate? Is there a right to privacy in Whois?

These are the some of the big questions that ICANN has tried and failed to grapple with over the last decade, and Crocker said that now is the time to answer them.

“My own feeling is that this must not suffer from the endless delays it has in the past, but at the same time it’s essential that we get it right rather than get it done quickly,” he said.

The new board resolution didn’t appear of thin air, however.

It’s a response to the recommendations of the Whois Policy Review Team, which earlier this year called for ICANN to make a Whois a strategic priority.

The review team itself was set up to comply with ICANN’s Affirmation of Commitments with the US Department of Commerce, one of ICANN’s core documents and part of the basis of its legitimacy.

But the AoC may presuppose certain outcomes of any root-and-branch Whois reform, calling as it does for a Whois policy that “meets the legitimate needs of law enforcement and promotes consumer trust”.

Crocker said that doesn’t necessarily rule out a big rethink about the way Whois data is accessed.

“Today, all of the information in Whois is published for the public,” he said. “Anyone can get at it, it doesn’t matter if you’re competitor or friend or law enforcement, you can get access.”

“A point of discussion could be: would it make sense to make different levels of access to information available to different people?” he added.

As an analogy, he pointed to car license plates. If you’re a cop and you see a suspicious vehicle you can trace the owner, but if you’ve just taken a fancy to the driver it’s harder to get their number.

Crocker noted that he’s not presupposing any outcomes of the review.

As well as calling for the review, the board’s latest resolution also calls for existing Whois rules, such as they are, to continue to be strictly adhered to. The resolution:

directs the CEO to continue to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy of gTLD registration data

This second prong of the approach is no doubt designed in part to remind contracted parties that just because Whois is open for review it doesn’t mean they can start ignoring compliance notices.

However, it’s going to be interesting to see how Whois reform plays into open discussions such as the renegotiation of the Registrar Accreditation Agreement.

The big stumbling blocks in the RAA talks right now relate directly to Whois verification, so registrars might be able to start arguing that agreeing to ICANN’s demands might preempt the review.

But Crocker doesn’t think that should happen.

“An examination of the fundamentals of Whois should not serve as as way of stalling or pulling back on the current system,” he said.

It’s not entirely clear what the next steps are for the Whois review.

There will be a board-mandated GNSO Policy Development Process somewhere down the line, but not until CEO Fadi Chehade has conducted some kind of outreach and information-gathering, it seems.

How long this will take is not known, but I get the impression the board wants to move relatively quickly. The PDP, I would guess, will take a couple of years at least.

Chehade said in his opening address during the Toronto meeting last month that long-standing disagreements over the purpose of Whois should be relatively “easy” to resolve.

Let’s see if he’s correct. I wouldn’t put money on it.

Tagged: , ,

Comments (3)

  1. theo says:

    Though WHOIS verification is part of the RAA talks.. it is a seperate issue imo when it comes to a new a WHOIS eco system.

    The current WHOIS eco system has tons of flaws and i am not even going to point them out due to RSI reasons.

    When we look at the ccTLD landscape one can cherry pick the solutions.

    So from a technical point of view the examples are already there. And let’s face it the ccTLD’s face the same LEA issues.

    So it is more a matter of getting things done.

  2. Volker Greimann says:

    The solution: hidden thick whois for individual registrants, full public whois for organizations, as is already practiced by many European registries.

    The full display of private information for all to see opens up every registrant to countless amounts of abuse. Whois privacy is as successful as it is precisely due to the fact that current whois policy does not factor in privacy concerns.

  3. Dr. Christopher W. Hartnett says:

    Great post. I agree Kevin, I think this is a bigger issue than they might think at first glance and has huge international ramifications both legally and politically. Thank you for bringing this to our attention and for keeping an eye on this important issue for anyone who is concerned about the future and safety of the internet. Actually, thank you for all your hard work and great reporting. Your name and bog has become synonymous with “the truth and full disclosure” when it comes to ICANN reporting.

Add Your Comment